Compare commits


1 Commits

Author SHA1 Message Date
14052397af
fix the repo name 2024-05-05 19:44:29 +02:00
63 changed files with 26 additions and 2743 deletions

3
.gitignore vendored

@ -1,3 +0,0 @@
bin
custom
*.tgz


@ -4,7 +4,7 @@ when:
- push
.chart-testing-image: &chart-testing-image
image: quay.io/helmpack/chart-testing:v3.11.0
image: quay.io/helmpack/chart-testing:v3.10.1
clone:
git:
image: woodpeckerci/plugin-git
@ -29,7 +29,7 @@ steps:
- helm repo add badhouseplants-lib-testing https://git.badhouseplants.net/api/packages/badhouseplants/helm
- |
if [ -s .changed ]; then
./scripts/lint.sh
ct lint --target-branch main --validate-maintainers=false
fi
test:
@ -47,35 +47,34 @@ steps:
echo "nameserver 8.8.8.8" > /etc/resolv.conf
k3d cluster create test --api-port 16443 --k3s-arg="kubelet-args=\"--allowed-unsafe-sysctls=net.ipv4.ip_forward\""@all
sed -i -E -e 's/localhost|0\.0\.0\.0/docker/g' ~/.kube/config
kubectl get storageclass
git fetch origin
./scripts/test.sh
ct install --target-branch main
ct install --target-branch main --upgrade
fi
release:
image: alpine/helm:3.15.3
<<: *chart-testing-image
name: Release charts
when:
- branch: main
secrets:
- registry_password
- gitea_token
environment:
- DISABLE_FORCE_OVERWRITE='true'
- ALLOW_OVERWRITE='false'
- REGISTRY_URL=registry.badhouseplants.net
- REGISTRY_USERNAME=woody
commands:
- |
helm registry login $REGISTRY_URL \
--username $REGISTRY_USERNAME \
--password $REGISTRY_PASSWORD
helm registry login git.badhouseplants.net \
--username allanger \
--password $GITEA_TOKEN
- |
for chart in $(find charts -maxdepth 1 -mindepth 1 -type d); do
helm dependency update $chart
helm package $chart -d chart-packages;
done
- |
for chart in $(find chart-packages -maxdepth 1 -mindepth 1 -type f); do
helm push $chart oci://$REGISTRY_URL/softplayer/helm
helm push $chart oci://git.badhouseplants.net/softplayer/helm
done
services:
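Review bot: Both `helm registry login` calls shown in the release step pass the credential as an argument (`--password $REGISTRY_PASSWORD` and `--password $GITEA_TOKEN`), which puts the secret in the process arguments inside the CI container and in any shell trace of the step. The rendered page has lost its +/- markers, so it is not certain which of the two logins is on the new side, but the point holds for either. Feed the secret on stdin instead, e.g. `echo "$GITEA_TOKEN" | helm registry login git.badhouseplants.net --username allanger --password-stdin`. The `steps:` mapping and the `test` step start outside the visible hunks, so how the secrets reach the other steps cannot be checked from here.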


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,6 +0,0 @@
dependencies:
- name: softplayer-lib-workload
repository: oci://git.badhouseplants.net/softplayer
version: 0.2.1
digest: sha256:a3a4a69717a3549841454a0e27a1a9114ea8a03543caf5c0c9a184d5a98f36b4
generated: "2024-07-15T19:51:29.734002+02:00"


@ -1,16 +0,0 @@
apiVersion: v2
name: mealie
description: A Helm chart for running Mealie
type: application
version: 0.3.1
appVersion: v1.10.2
maintainers:
- name: allanger
email: allanger@badhouseplants.net
url: https://badhouseplants.net
dependencies:
- name: softplayer-lib-workload
version: 0.2.1
repository: oci://registry.badhouseplants.net/softplayer
annotations:
allowed_workload_kinds: "Deployment"


@ -1,6 +0,0 @@
{{ include "lib.workload" . }}
{{ include "lib.service" . }}
{{ include "lib.ingress" . }}
{{ include "lib.config.env" . }}
{{ include "lib.pvc" . }}
{{ include "lib.raw" . }}


@ -1,88 +0,0 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
mealie:
image:
registry: ghcr.io
repository: mealie-recipes/mealie
tag:
pullPolicy: Always
ports:
- mealie
mounts:
storage:
data:
path: /app/data/
envFrom:
- environment
- secrets
livenessProbe:
httpGet:
path: /api/app/about
port: 9000
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
httpGet:
path: /api/app/about
port: 9000
initialDelaySeconds: 10
periodSeconds: 10
ingress:
main:
class: traefik
annotations:
annotation: test
rules:
- hosts: mealie.softplayer.net
http:
paths:
- backend:
service:
name: "{{ include \"chart.fullname\" $ }}"
port: 9000
tls:
- hosts:
- mealie.softplayer.net
secretName: mealie.softplayer.net
service:
type: ClusterIP
ports:
mealie:
port: 9000
targetPort: 9000
protocol: TCP
storage:
data:
storageClassName: default
size: 1Gi
accessModes:
- ReadWriteOnce
env:
environment:
enabled: true
sensitive: false
data:
ALLOW_SIGNUP: true
PUID: 1000
PGID: 1000
TZ: Europe/Berlin
MAX_WORKERS: 1
WEB_CONCURRENCY: 1
BASE_URL: https://mealie.softplayer.com
DB_ENGINE: postgres
secrets:
enabled: true
sensitive: true
data:
POSTGRES_USER: ~
POSTGRES_PASSWORD: ~
POSTGRES_SERVER: ~
POSTGRES_PORT: ~
POSTGRES_DB: ~


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,26 +0,0 @@
---
apiVersion: v2
name: openvpn-xor
description: A Helm chart for deploying OpenVPN with the XOR patch
type: application
version: 1.5.0
appVersion: v2.6.11
sources:
- https://git.badhouseplants.net/allanger/container-openvpn
- https://github.com/kylemanna/docker-openvpn
- https://github.com/Tunnelblick/Tunnelblick
- https://github.com/OpenVPN/openvpn
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
keywords:
- OpenVPN
- VPN
- XOR
annotations:
xor_version: 6.0beta03


@ -1 +0,0 @@
1. Get the application URL by running these commands:


@ -1,82 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{- printf "lala" }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "chart.labels" -}}
helm.sh/chart: {{ include "chart.chart" . }}
{{ include "chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "chart.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Build image tag for the XOR image
*/}}
{{- define "chart.imageTag" -}}
{{- if .Values.image.tag }}
{{- .Values.image.tag }}
{{- else }}
{{- printf "%s-xor-%s" .Chart.AppVersion .Chart.Annotations.xor_version }}
{{- end }}
{{- end }}
{{/*
Build the whole image name
*/}}
{{- define "chart.image" -}}
{{- printf "%s:%s" .Values.image.repository (include "chart.imageTag" .) }}
{{- end }}


@ -1,128 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "chart.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "chart.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: pvc-openvpn
persistentVolumeClaim:
claimName: {{ include "chart.fullname" . }}
- name: pki-scripts
configMap:
name: {{ include "chart.fullname" . }}-pki-scripts
securityContext:
sysctls:
- name: net.ipv4.ip_forward
value: "1"
containers:
- name: {{ .Chart.Name }}
image: {{ include "chart.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: "/etc/openvpn"
name: pvc-openvpn
- mountPath: /scripts
name: pki-scripts
env:
- name: OVPN_SERVER
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
- name: OPENVPN
value: "/etc/openvpn"
securityContext:
capabilities:
add:
- NET_ADMIN
initContainers:
# ----------------------------------------------------------------------
# -- This init container is generating the basic configuration
# ----------------------------------------------------------------------
- name: 0-ovpn-genconfig
image: {{ include "chart.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- mountPath: "/etc/openvpn"
name: pvc-openvpn
env:
- name: OVPN_SERVER_URL
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
- name: OVPN_DATA
value: "/etc/openvpn"
- name: OPENVPN
value: "/etc/openvpn"
command:
- sh
- -c
- 'if ! [ -f "/etc/openvpn/ovpn_env.sh" ]; then ovpn_genconfig -u $OVPN_SERVER_URL && touch /etc/openvpn/.init; fi'
- name: 1-ovpn-initpki
env:
- name: OVPN_DATA
value: /etc/openvpn
- name: OPENVPN
value: "/etc/openvpn"
- name: EASYRSA_REQ_CN
value: {{ .Values.easyrsa.cn }}
- name: EASYRSA_REQ_COUNTRY
value: {{ .Values.easyrsa.country }}
- name: EASYRSA_REQ_PROVINCE
value: {{ .Values.easyrsa.province }}
- name: EASYRSA_REQ_CITY
value: {{ .Values.easyrsa.city }}
- name: EASYRSA_REQ_ORG
value: {{ .Values.easyrsa.org }}
- name: EASYRSA_REQ_EMAIL
value: {{ .Values.easyrsa.email }}
- name: EASYRSA_REQ_OU
value: {{ .Values.easyrsa.ou }}
- name: EASYRSA_ALGO
value: {{ .Values.easyrsa.algo }}
- name: EASYRSA_DIGEST
value: {{ .Values.easyrsa.digest }}
- name: EASYRSA_BATCH
value: "yes"
- name: OVPN_SERVER_URL
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
volumeMounts:
- mountPath: "/etc/openvpn"
name: pvc-openvpn
- mountPath: /scripts
name: pki-scripts
image: {{ include "chart.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bash
- /scripts/init_pki.sh
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}


@ -1,30 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "chart.fullname" . }}-pki-scripts
labels:
{{- include "chart.labels" . | nindent 4 }}
data:
init_pki.sh: |
if [ ! -d /etc/openvpn/pki ]; then
source "$OPENVPN/ovpn_env.sh"
OVPN_DIR=/etc/openvpn
PKI_DIR=$OVPN_DIR/pki
cd $OVPN_DIR
export EASYRSA_BATCH=yes
unset EASYRSA_VARS_FILE
/usr/share/easy-rsa/easyrsa init-pki
/usr/share/easy-rsa/easyrsa build-ca nopass
/usr/share/easy-rsa/easyrsa build-server-full {{ .Values.openvpn.host }} nopass
/usr/share/easy-rsa/easyrsa gen-dh
cd $PKI_DIR
openvpn --genkey tls-crypt-v2-server private/{{ .Values.openvpn.host }}.pem
openvpn --genkey secret > ta.key
fi
gen_client.sh: |
source "$OPENVPN/ovpn_env.sh"
CLIENTNAME=$1
PASSWORD=$2
OVPN_DIR=/etc/openvpn
cd $OVPN_DIR
/usr/share/easy-rsa/easyrsa build-client-full $CLIENTNAME $PASSWORD


@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
{{- if .Values.storage.class }}
{{- if (eq "-" .Values.storage.class) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.storage.class }}"
{{- end }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.storage.size }}


@ -1,18 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
{{- if .Values.service.nodePort }}
nodePort: {{ int .Values.service.nodePort }}
{{- end}}
targetPort: {{ .Values.service.port | default 1194 }}
protocol: {{ .Values.service.protocol | default "UDP" | quote }}
name: openvpn-xor
selector:
{{- include "chart.selectorLabels" . | nindent 4 }}


@ -1,13 +0,0 @@
---
{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" -}}
{{- if .Values.tcproute.enabled }}
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ include "chart.fullname" . }}
labels:
{{- include "chart.labels" . | nindent 4 }}
spec:
{{ tpl (.Values.tcproute.spec | toYaml | indent 2 | toString) $ }}
{{- end }}
{{- end }}


@ -1,200 +0,0 @@
{{- $version := semver .Capabilities.KubeVersion.Version }}
{{- if .Values.tests.enabled }}
# ---------------------------------------------------------------------
# -- Test that CRDs are installed
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-script
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "6"
data:
get_config.sh: |-
#!/bin/bash
kubectl rollout status deployment/{{ include "openvpn-chart.fullname" . }}
kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_genclientcert test nopass
kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_getclient test > /data/test.ovpn
test_connection.sh : |-
sed -i "s/127.0.0.1/{{ include "openvpn-chart.fullname" . }}/g" /data/test.ovpn
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
openvpn --config /data/test.ovpn --daemon --log-append /tmp/ovpnlog
tail -n0 -f /tmp/ovpnlog | sed '/Initialization Sequence Completed/ q'
---
# ---------------------------------------------------------------------
# -- Prepare roles and bindings to access k8s resources from the test
# ---------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-role
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-rb
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
subjects:
- kind: ServiceAccount
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "openvpn-chart.fullname" . }}-test-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
spec:
storageClassName: {{ .Values.storage.class }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 512Mi
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
spec:
serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
automountServiceAccountToken: true
volumes:
- name: test-script
configMap:
name: {{ include "openvpn-chart.fullname" . }}-test-script
- name: data
persistentVolumeClaim:
claimName: {{ include "openvpn-chart.fullname" . }}-test
containers:
- name: tester
image: alpine/k8s:{{ $version.Major }}.{{ $version.Minor }}.{{ $version.Patch }}
volumeMounts:
- name: test-script
readOnly: true
mountPath: /get_config.sh
subPath: get_config.sh
- name: data
readOnly: false
mountPath: /data
command:
- bash
args:
- -e
- /get_config.sh
restartPolicy: Never
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-connection
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
spec:
serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
automountServiceAccountToken: true
volumes:
- name: data
persistentVolumeClaim:
claimName: {{ include "openvpn-chart.fullname" . }}-test
- name: test-script
configMap:
name: {{ include "openvpn-chart.fullname" . }}-test-script
containers:
- name: tester
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: data
readOnly: false
mountPath: /data
- name: test-script
readOnly: true
mountPath: /test_connection.sh
subPath: test_connection.sh
command:
- bash
args:
- -e
- /test_connection.sh
securityContext:
capabilities:
add:
- NET_ADMIN
restartPolicy: Never
{{- end }}


@ -1,89 +0,0 @@
# Default values for openvpn-chart.
image:
repository: git.badhouseplants.net/allanger/container-openvpn
pullPolicy: Always
# -------------------------------------------
# -- TODO: Switch to proper versions
# -------------------------------------------
# tag: check
# -----------------------------
# -- Open VPN configuration
# -----------------------------
openvpn:
proto: tcp
host: 127.0.0.1
port: 1194
# ---------------------------------------
# -- Deploy OpenVPN admin
# -- https://github.com/flant/ovpn-admin
# ---------------------------------------
openvpn_admin:
enabled: true
# -----------------------------
# -- Easy RSA configuration
# -----------------------------
easyrsa:
cn: . # -- EASYRSA_REQ_CN
country: . # -- EASYRSA_REQ_COUNTRY
province: . # -- EASYRSA_REQ_PROVINCE
city: . # -- EASYRSA_REQ_CITY
org: . # -- EASYRSA_REQ_ORG
email: . # -- EASYRSA_REQ_EMAIL
ou: Community # -- EASYRSA_REQ_OU
algo: ec # -- EASYRSA_ALGO
digest: sha512 # -- EASYRSA_DIGEST
replicaCount: 1
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
storage:
class: ""
size: 1Gi
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 1194
protocol: TCP
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
tests:
enabled: false
cleanup: true


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,20 +0,0 @@
---
apiVersion: v2
name: openvpn
description: A Helm chart for deploying OpenVPN
type: application
version: 0.0.1
appVersion: v2.6.5
sources:
- https://git.badhouseplants.net/allanger/container-openvpn-xor
- https://github.com/kylemanna/docker-openvpn
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
keywords:
- OpenVPN
- VPN


@ -1 +0,0 @@
1. Get the application URL by running these commands:


@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "openvpn-chart.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "openvpn-chart.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "openvpn-chart.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "openvpn-chart.labels" -}}
helm.sh/chart: {{ include "openvpn-chart.chart" . }}
{{ include "openvpn-chart.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "openvpn-chart.selectorLabels" -}}
app.kubernetes.io/name: {{ include "openvpn-chart.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "openvpn-chart.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "openvpn-chart.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -1,128 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "openvpn-chart.fullname" . }}
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "openvpn-chart.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: pvc-openvpn
persistentVolumeClaim:
claimName: {{ include "openvpn-chart.fullname" . }}
- name: pki-scripts
configMap:
name: {{ include "openvpn-chart.fullname" . }}-pki-scripts
securityContext:
sysctls:
- name: net.ipv4.ip_forward
value: "1"
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: "/etc/openvpn"
name: pvc-openvpn
- mountPath: /scripts
name: pki-scripts
env:
- name: OVPN_SERVER
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
- name: OPENVPN
value: "/etc/openvpn"
securityContext:
capabilities:
add:
- NET_ADMIN
initContainers:
# ----------------------------------------------------------------------
# -- This init container is generating the basic configuration
# ----------------------------------------------------------------------
- name: 0-ovpn-genconfig
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- mountPath: "/etc/openvpn"
name: pvc-openvpn
env:
- name: OVPN_SERVER_URL
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
- name: OVPN_DATA
value: "/etc/openvpn"
- name: OPENVPN
value: "/etc/openvpn"
command:
- sh
- -c
- 'if ! [ -f "/etc/openvpn/ovpn_env.sh" ]; then ovpn_genconfig -u $OVPN_SERVER_URL && touch /etc/openvpn/.init; fi'
- name: 1-ovpn-initpki
env:
- name: OVPN_DATA
value: /etc/openvpn
- name: OPENVPN
value: "/etc/openvpn"
- name: EASYRSA_REQ_CN
value: {{ .Values.easyrsa.cn }}
- name: EASYRSA_REQ_COUNTRY
value: {{ .Values.easyrsa.country }}
- name: EASYRSA_REQ_PROVINCE
value: {{ .Values.easyrsa.province }}
- name: EASYRSA_REQ_CITY
value: {{ .Values.easyrsa.city }}
- name: EASYRSA_REQ_ORG
value: {{ .Values.easyrsa.org }}
- name: EASYRSA_REQ_EMAIL
value: {{ .Values.easyrsa.email }}
- name: EASYRSA_REQ_OU
value: {{ .Values.easyrsa.ou }}
- name: EASYRSA_ALGO
value: {{ .Values.easyrsa.algo }}
- name: EASYRSA_DIGEST
value: {{ .Values.easyrsa.digest }}
- name: EASYRSA_BATCH
value: "yes"
- name: OVPN_SERVER_URL
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
volumeMounts:
- mountPath: "/etc/openvpn"
name: pvc-openvpn
- mountPath: /scripts
name: pki-scripts
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bash
- /scripts/init_pki.sh
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}


@ -1,30 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "openvpn-chart.fullname" . }}-pki-scripts
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
data:
init_pki.sh: |
if [ ! -d /etc/openvpn/pki ]; then
source "$OPENVPN/ovpn_env.sh"
OVPN_DIR=/etc/openvpn
PKI_DIR=$OVPN_DIR/pki
cd $OVPN_DIR
export EASYRSA_BATCH=yes
unset EASYRSA_VARS_FILE
/usr/share/easy-rsa/easyrsa init-pki
/usr/share/easy-rsa/easyrsa build-ca nopass
/usr/share/easy-rsa/easyrsa build-server-full {{ .Values.openvpn.host }} nopass
/usr/share/easy-rsa/easyrsa gen-dh
cd $PKI_DIR
openvpn --genkey tls-crypt-v2-server private/{{ .Values.openvpn.host }}.pem
openvpn --genkey secret > ta.key
fi
gen_client.sh: |
source "$OPENVPN/ovpn_env.sh"
CLIENTNAME=$1
PASSWORD=$2
OVPN_DIR=/etc/openvpn
cd $OVPN_DIR
/usr/share/easy-rsa/easyrsa build-client-full $CLIENTNAME $PASSWORD


@ -1,19 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "openvpn-chart.fullname" . }}
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
spec:
{{- if .Values.storage.class }}
{{- if (eq "-" .Values.storage.class) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.storage.class }}"
{{- end }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.storage.size }}


@ -1,18 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "openvpn-chart.fullname" . }}
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
{{- if .Values.service.nodePort }}
nodePort: {{ int .Values.service.nodePort }}
{{- end}}
targetPort: {{ .Values.service.port | default 1194 }}
protocol: {{ .Values.service.protocol | default "UDP" | quote }}
name: openvpn
selector:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}


@ -1,13 +0,0 @@
---
{{- if $.Capabilities.APIVersions.Has "traefik.io/v1alpha1/IngressRouteTCP" -}}
{{- if .Values.tcproute.enabled }}
apiVersion: traefik.io/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ include "openvpn-chart.fullname" . }}
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
spec:
{{ tpl (.Values.tcproute.spec | toYaml | indent 2 | toString) $ }}
{{- end }}
{{- end }}


@ -1,200 +0,0 @@
{{- $version := semver .Capabilities.KubeVersion.Version }}
{{- if .Values.tests.enabled }}
# ---------------------------------------------------------------------
# -- Test that CRDs are installed
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-script
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "6"
data:
get_config.sh: |-
#!/bin/bash
kubectl rollout status deployment/{{ include "openvpn-chart.fullname" . }}
kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_genclientcert test nopass
kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_getclient test > /data/test.ovpn
test_connection.sh : |-
sed -i "s/127.0.0.1/{{ include "openvpn-chart.fullname" . }}/g" /data/test.ovpn
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
openvpn --config /data/test.ovpn --daemon --log-append /tmp/ovpnlog
tail -n0 -f /tmp/ovpnlog | sed '/Initialization Sequence Completed/ q'
---
# ---------------------------------------------------------------------
# -- Prepare roles and bindings to access k8s resources from the test
# ---------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-role
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-rb
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
subjects:
- kind: ServiceAccount
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "openvpn-chart.fullname" . }}-test-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
spec:
storageClassName: {{ .Values.storage.class }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 512Mi
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
spec:
serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
automountServiceAccountToken: true
volumes:
- name: test-script
configMap:
name: {{ include "openvpn-chart.fullname" . }}-test-script
- name: data
persistentVolumeClaim:
claimName: {{ include "openvpn-chart.fullname" . }}-test
containers:
- name: tester
image: alpine/k8s:{{ $version.Major }}.{{ $version.Minor }}.{{ $version.Patch }}
volumeMounts:
- name: test-script
readOnly: true
mountPath: /get_config.sh
subPath: get_config.sh
- name: data
readOnly: false
mountPath: /data
command:
- bash
args:
- -e
- /get_config.sh
restartPolicy: Never
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-connection
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
spec:
serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
automountServiceAccountToken: true
volumes:
- name: data
persistentVolumeClaim:
claimName: {{ include "openvpn-chart.fullname" . }}-test
- name: test-script
configMap:
name: {{ include "openvpn-chart.fullname" . }}-test-script
containers:
- name: tester
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: data
readOnly: false
mountPath: /data
- name: test-script
readOnly: true
mountPath: /test_connection.sh
subPath: test_connection.sh
command:
- bash
args:
- -e
- /test_connection.sh
securityContext:
capabilities:
add:
- NET_ADMIN
restartPolicy: Never
{{- end }}


@ -1,89 +0,0 @@
# Default values for openvpn-chart.
image:
repository: gitea.badhouseplants.net/allanger/container-openvpn
pullPolicy: Always
# -------------------------------------------
# -- TODO: Switch to proper versions
# -------------------------------------------
# tag: ""
# -----------------------------
# -- Open VPN configuration
# -----------------------------
openvpn:
proto: tcp
host: 127.0.0.1
port: 1194
# ---------------------------------------
# -- Deploy OpenVPN admin
# -- https://github.com/flant/ovpn-admin
# ---------------------------------------
openvpn_admin:
enabled: true
# -----------------------------
# -- Easy RSA configuration
# -----------------------------
easyrsa:
cn: . # -- EASYRSA_REQ_CN
country: . # -- EASYRSA_REQ_COUNTRY
province: . # -- EASYRSA_REQ_PROVINCE
city: . # -- EASYRSA_REQ_CITY
org: . # -- EASYRSA_REQ_ORG
email: . # -- EASYRSA_REQ_EMAIL
ou: Community # -- EASYRSA_REQ_OU
algo: ec # -- EASYRSA_ALGO
digest: sha512 # -- EASYRSA_DIGEST
replicaCount: 1
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
storage:
class: ""
size: 1Gi
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 1194
protocol: TCP
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity: {}
tests:
enabled: false
cleanup: true


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,6 +0,0 @@
apiVersion: v2
name: selenoid
description: A Helm chart for Kubernetes
type: application
version: 0.1.0
appVersion: "1.11.3"


@ -1,22 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "selenoid.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "selenoid.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "selenoid.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "selenoid.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}


@ -1,83 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "selenoid.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "selenoid.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "selenoid.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "selenoid.labels" -}}
helm.sh/chart: {{ include "selenoid.chart" . }}
{{ include "selenoid.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Common labels for UI
*/}}
{{- define "selenoidUI.labels" -}}
helm.sh/chart: {{ include "selenoid.chart" . }}
{{ include "selenoidUI.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "selenoid.selectorLabels" -}}
app.kubernetes.io/name: {{ include "selenoid.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Selector labels for the UI
*/}}
{{- define "selenoidUI.selectorLabels" -}}
app.kubernetes.io/name: {{ include "selenoid.name" . }}-ui
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "selenoid.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "selenoid.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -1,55 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "selenoid.fullname" . }}-ui
labels:
{{- include "selenoidUI.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "selenoidUI.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "selenoidUI.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: aerokube/selenoid-ui
args:
- --selenoid-uri
- "http://{{ include "selenoid.fullname" . }}:4444"
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
{{- toYaml .Values.ui.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.ui.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
ports:
- containerPort: 8080
name: selenoid-ui
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}


@ -1,61 +0,0 @@
{{- if .Values.ingressUI.enabled -}}
{{- $fullName := include "selenoid.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingressUI.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingressUI.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingressUI.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}-ui
labels:
{{- include "selenoidUI.labels" . | nindent 4 }}
{{- with .Values.ingressUI.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingressUI.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingressUI.className }}
{{- end }}
{{- if .Values.ingressUI.tls }}
tls:
{{- range .Values.ingressUI.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingressUI.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}-ui
port:
number: 8080
{{- else }}
serviceName: {{ $fullName }}-ui
servicePort: 8080
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -1,65 +0,0 @@
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: {{ include "selenoid.fullname" . }}
labels:
{{- include "selenoid.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "selenoid.selectorLabels" . | nindent 6 }}
ingress:
- {}
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: coredns
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kubedns
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
- to:
- ipBlock:
cidr: 0.0.0.0/0
except:
- 10.0.0.0/8
#kind: NetworkPolicy
#apiVersion: networking.k8s.io/v1
#metadata:
# name: default-deny-all
#spec:
# podSelector: {}
# policyTypes:
# - Egress
# - Ingress
---
#kind: NetworkPolicy
#apiVersion: networking.k8s.io/v1
#metadata:
# name: allow-internet-only
#spec:
# podSelector: {}
# policyTypes:
# - Egress
# egress:
# - to:
# - ipBlock:
# cidr: 0.0.0.0/0
# except:
# - 10.0.0.0/8
# - 192.168.0.0/16
# - 172.16.0.0/20


@ -1,16 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "selenoid.fullname" . }}-ui
labels:
{{- include "selenoidUI.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: 8080
targetPort: selenoid-ui
protocol: TCP
name: http
selector:
{{- include "selenoidUI.selectorLabels" . | nindent 4 }}


@ -1,31 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "selenoid.fullname" . }}-config
labels:
{{- include "selenoid.labels" . | nindent 4 }}
data:
browsers.json: |
{
"chrome": {
"default": "latest",
"versions": {
"latest": {
"image": "selenoid/chrome:latest",
"port": "4444",
"tmpfs": {"/tmp":"size=512m"}
}
}
},
"firefox": {
"default": "latest",
"versions": {
"latest": {
"image": "selenoid/firefox:latest",
"port": "4444",
"path": "/wd/hub",
"tmpfs": {"/tmp":"size=512m"}
}
}
}
}


@ -1,129 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "selenoid.fullname" . }}
labels:
{{- include "selenoid.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "selenoid.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "selenoid.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
startupProbe:
{{- toYaml .Values.startupProbe | nindent 12 }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: config
mountPath: /etc/selenoid/browsers.json
subPath: browsers.json
- name: scripts
mountPath: /tmp/scripts/selenoid
subPath: selenoid
command:
- sh
args:
- /tmp/scripts/selenoid
ports:
- containerPort: 4444
name: selenium
env:
- name: DOCKER_HOST
value: tcp://localhost:2375
- name: dind
image: "{{ .Values.dind.registry }}/{{ .Values.dind.repository }}:{{ .Values.dind.tag }}"
imagePullPolicy: {{ .Values.dind.pullPolicy }}
command:
{{- range .Values.dind.command }}
- {{ . }}
{{- end }}
args:
{{- range .Values.dind.commandArgs }}
- {{ . }}
{{- end }}
{{- with .Values.dind.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
lifecycle:
preStop:
# wait for all running containers to have stopped, so the last build can finish before the runner is fully stopped.
exec:
command: ["/bin/sh","-c","while true; do sleep {{ .Values.dind.gracefulShutdownRetryPeriod }}; lastEventTime=$(docker -H tcp://localhost:2375 events --since={{ .Values.dind.gracefulShutdownRetryPeriod }}s --until=1s | wc -l); containersRunning=$(docker -H tcp://localhost:2375 ps -q | wc -l); if [ $containersRunning -eq 0 ] && [ $lastEventTime -eq 0 ]; then exit 0; fi; echo 'steps/containers running, retry'; done"]
livenessProbe:
exec:
command:
- docker
- -H
- tcp://localhost:2375
- images
initialDelaySeconds: 5
periodSeconds: 5
readinessProbe:
exec:
command:
- docker
- -H
- tcp://localhost:2375
- images
initialDelaySeconds: 5
periodSeconds: 5
{{- with .Values.dind.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.dind.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
volumes:
- name: config
configMap:
name: {{ include "selenoid.fullname" . }}-config
- name: scripts
configMap:
name: {{ include "selenoid.fullname" . }}-scripts
- name: docker-storage
emptyDir: {}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}


@ -1,61 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "selenoid.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "selenoidUI.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: 4444
{{- else }}
serviceName: {{ $fullName }}
servicePort: 4444
{{- end }}
{{- end }}
{{- end }}
{{- end }}


@ -1,22 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "selenoid.fullname" . }}-scripts
labels:
{{- include "selenoid.labels" . | nindent 4 }}
data:
selenoid: |-
#!/usr/bin/sh
set -e
for i in `seq 0 100`
do wget 127.0.0.1:2375/version && break || echo waiting && sleep 5
done
# -- This is supposed to get the docker API version
sed -E 's/.*"ApiVersion":"?([^,"]*)"?.*/\1/' version
images=$(cat /etc/selenoid/browsers.json | grep image | awk '{print $2}' | sed -e "s/\"//g" -e "s/,//g")
for image in $images; do
wget --header "Content-Type: application/json" \
-O - --post-data="-" \
127.0.0.1:2375/v1.41/images/create?fromImage=$image
done
/usr/bin/selenoid -listen :4444 -conf /etc/selenoid/browsers.json


@ -1,16 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "selenoid.fullname" . }}
labels:
{{- include "selenoid.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: 4444
targetPort: selenium
protocol: TCP
name: http
selector:
{{- include "selenoid.selectorLabels" . | nindent 4 }}


@ -1,3 +0,0 @@
Network policies should
Let the selenoid pod access the internet without letting access internal services


@ -1,168 +0,0 @@
# Default values for selenoid.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicaCount: 1
image:
repository: aerokube/selenoid
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
dind:
## The official docker (dind) image, change tag to use a different version.
## ref: https://hub.docker.com/r/library/docker/tags/
##
registry: docker.io
repository: docker
tag: 20-dind
pullPolicy: IfNotPresent
command:
- "dockerd"
commandArgs:
- "--host"
- "tcp://localhost:2375"
securityContext:
privileged: true
## If you have declared extra volumes, mount them here, per the Pod Container's
## "volumeMounts" section of dind container
##
extraVolumeMounts: []
# - name: storage
# mountPath: /var/lib/docker
# subPath: docker
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
gracefulShutdownRetryPeriod: 60
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: {}
podLabels: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: true
className: ""
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: selenoid.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: selenoid.badhouseplants.net
hosts:
- selenoid.badhouseplants.net
ingressUI:
enabled: true
className: ""
annotations:
cert-manager.io/cluster-issuer: badhouseplants-issuer-http01
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: selenoid-ui.badhouseplants.net
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: selenoid-ui.badhouseplants.net
hosts:
- selenoid-ui.badhouseplants.net
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
startupProbe:
failureThreshold: 50
periodSeconds: 10
tcpSocket:
port: 4444
livenessProbe:
tcpSocket:
port: 4444
readinessProbe:
tcpSocket:
port: 4444
ui:
livenessProbe:
tcpSocket:
port: 8080
readinessProbe:
tcpSocket:
port: 8080
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes: []
# -name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector: {}
tolerations: []
affinity: {}


@ -1,6 +1,6 @@
dependencies:
- name: softplayer-lib-workload
- name: softplayer-lib-testing
repository: oci://git.badhouseplants.net/softplayer
version: 0.1.8
digest: sha256:705ec28e79232607706e15dbbdd936fb2fbcae4b253da37d1e08140ee8c7e897
generated: "2024-05-26T19:22:48.889256+02:00"
version: 0.1.0
digest: sha256:7fe5a4899522fed731dd3b04d8397d23bb0cf920d7d56adf98911a268d0cbc7a
generated: "2024-05-05T18:56:25.892403+02:00"


@ -1,23 +1,17 @@
---
apiVersion: v2
name: shadowsocks-libev
description: Bug-fix-only libev port of shadowsocks
description: A Helm chart for shadowsocks-libev
type: application
version: 0.3.1
version: 0.1.1
appVersion: "v3.3.5"
maintainers:
- name: allanger
email: allanger@badhouseplants.net
url: https://badhouseplants.net
dependencies:
- name: softplayer-lib-workload
version: 0.1.8
- name: softplayer-lib-testing
version: 0.1.0
repository: oci://git.badhouseplants.net/softplayer
sources:
- https://github.com/shadowsocks/shadowsocks-libev
home: https://github.com/shadowsocks/shadowsocks-libev
keywords:
- shadowsocks
- vpn
- proxy
annotations:
allowed_workload_kinds: "Deployment,StatefulSet,DaemonSet"
helm.badhouseplants.net/registry: "docker.io/shadowsocks/shadowsocks-libev"
helm.badhouseplants.net/allowed_workload_kinds: "Deployment,StatefulSet"


@ -1,54 +0,0 @@
# shadowsocks-libev
![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.3.5](https://img.shields.io/badge/AppVersion-v3.3.5-informational?style=flat-square)
Bug-fix-only libev port of shadowsocks
## Source Code
* <https://github.com/shadowsocks/shadowsocks-libev>
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| allanger | <allanger@badhouseplants.net> | <https://badhouseplants.net> |
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| oci://git.badhouseplants.net/softplayer | softplayer-lib-workload | 0.1.0 |
## Installing the Chart
To install the chart with the release name `sql-exporter`:
```console
helm repo add sql_exporter https://burningalchemist.github.io/sql_exporter/
helm install sql_exporter/sql-exporter
```
## Chart Values
### General parameters
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| workload.kind | string | `"Deployment"` | A kind of workload to run |
| workload.containers | object | `{"shadowsocks":{"envFrom":["environemnt","secrets"],"image":{"pullPolicy":"Always","registry":"docker.io","repository":"shadowsocks/shadowsocks-libev","tag":null},"ports":["shadowsocks"],"securityContext":{"capabilities":{"add":["NET_ADMIN"]}}}}` | A list of containers to run within the workload |
| workload.containers.shadowsocks | object | `{"envFrom":["environemnt","secrets"],"image":{"pullPolicy":"Always","registry":"docker.io","repository":"shadowsocks/shadowsocks-libev","tag":null},"ports":["shadowsocks"],"securityContext":{"capabilities":{"add":["NET_ADMIN"]}}}` | Shadowsocks container description |
| workload.containers.shadowsocks.securityContext | object | `{"capabilities":{"add":["NET_ADMIN"]}}` | Required to allow ipv4 forwarding |
| env.environment.sensitive | bool | `false` | |
| env.environment.data.METHOD | string | `"chacha20-ietf-poly1305"` | |
| env.secrets.sensitive | bool | `true` | |
| env.secrets.data.PASSWORD | string | `"test12345"` | Provide a password that will be used to connect to shadowsocks |
| service.type | string | `"ClusterIP"` | |
| service.ports.shadowsocks.port | int | `8388` | |
| service.ports.shadowsocks.targetPort | int | `8388` | |
| service.ports.shadowsocks.protocol | string | `"TCP"` | |
## Dev Notes
After changing default `Values`, please execute `make gen_docs` to update the `README.md` file. Readme file is generated by the `helm-docs` tool, so make sure not to edit it manually.


@ -1,4 +1,3 @@
{{ include "lib.workload" . }}
{{ include "lib.service" . }}
{{ include "lib.config.env" . }}
{{ include "lib.traefik.ingress_route_tcp" . }}
{{ include "lib.env" . }}


@ -1,17 +1,8 @@
---
workload:
# -- A kind of workload to run
kind: Deployment
# -- A list of containers to run within the workload
containers:
# -- Shadowsocks container description
shadowsocks:
image:
registry: docker.io
repository: shadowsocks/shadowsocks-libev
tag: v3.3.5
pullPolicy: Always
# -- Required to allow ipv4 forwarding
securityContext:
capabilities:
add:
@ -30,19 +21,10 @@ env:
secrets:
sensitive: true
data:
# -- Provide a password that will be used to connect to shadowsocks
# ---------------------------------------------------------------
# Please, do not forget to replace this PASSWORD
# ---------------------------------------------------------------
PASSWORD: test12345
traefik:
tcpRoutes:
shadowsocks:
entryPoints:
- shadowsocks
routes:
- match: HostSNI(`*`)
services:
- name: '{{ include "chart.fullname" $ }}'
port: 8388
nativeLB: true
service:
type: ClusterIP
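Review bot: The chart still appears to ship `PASSWORD: test12345` as the default under `env.secrets.data` in the second hunk, so an install that skips the override runs the proxy with a publicly known password, and the banner comment is the only guard. I would default it to empty, `PASSWORD: ""`, and make the template that renders the secret fail when the value is unset, for example with Helm's `required` function. That template comes from the library chart and is not visible here, so where the check belongs is an assumption. The page has lost its `+`/`-` markers; the hunk counts (19 old lines, 10 new) fit the eleven-line `traefik:` block being the removed part, which would leave the password line in place.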


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,6 +0,0 @@
dependencies:
- name: softplayer-lib-workload
repository: oci://git.badhouseplants.net/softplayer
version: 0.1.8
digest: sha256:705ec28e79232607706e15dbbdd936fb2fbcae4b253da37d1e08140ee8c7e897
generated: "2024-05-26T13:04:45.205328+02:00"


@ -1,18 +0,0 @@
apiVersion: v2
name: team-fortress-2
description: A Helm chart for running a Team Fortress 2 server
type: application
version: 0.1.2
appVersion: "latest"
maintainers:
- name: allanger
email: allanger@badhouseplants.net
url: https://badhouseplants.net
dependencies:
- name: softplayer-lib-workload
version: 0.1.8
repository: oci://git.badhouseplants.net/softplayer
annotations:
allowed_workload_kinds: "Deployment"
# -- Skipping tests because it requires a very big volume
skip_tests: "true"


@ -1,7 +0,0 @@
{{ include "lib.workload" . }}
{{ include "lib.service" . }}
{{ include "lib.config.env" . }}
{{ include "lib.config.files" . }}
{{ include "lib.pvc" . }}
{{ include "lib.traefik.ingress_route_udp" . }}
{{ include "lib.traefik.ingress_route_tcp" . }}


@ -1,249 +0,0 @@
workload:
kind: Deployment
containers:
tf2:
image:
registry: docker.io
repository: cm2network/tf2
tag:
pullPolicy: Always
ports:
- tf2
- rcon
- tv
mounts:
storage:
data:
path: /home/steam/tf-dedicated/
extraVolumes:
steam:
path: /Steam
envFrom:
- environment
- secrets
livenessProbe:
tcpSocket:
port: 27015
failureThreshold: 6
periodSeconds: 10
readinessProbe:
tcpSocket:
port: 27015
failureThreshold: 2
periodSeconds: 10
startupProbe:
failureThreshold: 80
initialDelaySeconds: 30
periodSeconds: 30
tcpSocket:
port: 27015
initContainers:
0-prepare-config:
image:
registry: docker.io
repository: alpine
tag: latest
pullPolicy: Always
mounts:
storage:
data:
path: /tf-data
files:
servercfg:
mode: 420
path: /src/server.cfg
subPath: server.cfg
command:
- sh
args:
- -c
- mkdir -p /tf-data/tf/cfg && cp /src/server.cfg /tf-data/tf/cfg/server.cfg
service:
type: ClusterIP
ports:
tf2:
port: 27015
targetPort: 27015
protocol: UDP
tv:
port: 27020
targetPort: 27020
protocol: TCP
rcon:
port: 27015
targetPort: 27015
protocol: TCP
traefik:
udpRoutes:
tf2:
entryPoints:
- valve-server
routes:
- services:
- name: '{{ include "chart.fullname" $ }}'
port: 27015
weight: 10
nativeLB: true
tcpRoutes:
rcon:
entryPoints:
- valve-rcon
routes:
- match: HostSNI(`*`)
services:
- name: '{{ include "chart.fullname" $ }}'
port: 27015
nativeLB: true
storage:
data:
storageClassName: default
size: 20G
accessModes:
- ReadWriteOnce
env:
environment:
sensitive: false
data:
SRCDS_PORT: "27015"
SRCDS_TV_PORT: "27020"
SRCDS_IP: "0"
SRCDS_FPSMAX: "300"
SRCDS_TICKRATE: "66"
SRCDS_MAXPLAYERS: "14"
SRCDS_REGION: "3"
SRCDS_STARTMAP: "ctf_2fort"
SRCDS_HOSTNAME: "New TF Server" # -- first launch only
SRCDS_CFG: "server.cfg"
SRCDS_MAPCYCLE: "m apcycle_default.txt" # -- value can be overwritten by tf/cfg/server.cfg
SRCDS_SECURED: "1" # -- 0 to start the server as insecured
secrets:
sensitive: true
data:
SRCDS_TOKEN: "" # -- value is is required to be listed & reachable, retrieve token here (AppID 440): https://steamcommunity.com/dev/managegameservers
extraVolumes:
# -- Because by default the fs is read-only, we need to add an emtpy dir volume
steam:
emptyDir: {}
files:
servercfg:
sensitive: true
data:
server.cfg: |-
// General Settings //
// Hostname for server.
hostname "Team Fortress 2 Server"
// Overrides the max players reported to prospective clients
sv_visiblemaxplayers 24
// Maximum number of rounds to play before server changes maps
mp_maxrounds 5
// Set to lock per-frame time elapse
host_framerate 0
// Set the pause state of the server
setpause 0
// Control where the client gets content from
// 0 = anywhere, 1 = anywhere listed in white list, 2 = steam official content only
sv_pure 0
// Is the server pausable
sv_pausable 0
// Type of server 0=internet 1=lan
sv_lan 0
// Collect CPU usage stats
sv_stats 1
// Server password
sv_password "qwertyu9"
// Execute Banned Users //
exec banned_user.cfg
exec banned_ip.cfg
writeid
writeip
// Contact & Region //
// Contact email for server sysop
sv_contact test@example.com
// The region of the world to report this server in.
// -1 is the world, 0 is USA east coast, 1 is USA west coast
// 2 south america, 3 europe, 4 asia, 5 australia, 6 middle east, 7 africa
sv_region -1
// Rcon Settings //
// Password for rcon authentication (Remote CONtrol)
rcon_password "12345"
// Number of minutes to ban users who fail rcon authentication
sv_rcon_banpenalty 1440
// Max number of times a user can fail rcon authentication before being banned
sv_rcon_maxfailures 5
// Log Settings //
// Enables logging to file, console, and udp < on | off >.
log on
// Log server information to only one file.
sv_log_onefile 0
// Log server information in the log file.
sv_logfile 1
// Log server bans in the server logs.
sv_logbans 1
// Echo log information to the console.
sv_logecho 1
// Rate Settings //
// Frame rate limiter
fps_max 600
// Min bandwidth rate allowed on server, 0 == unlimited
sv_minrate 0
// Max bandwidth rate allowed on server, 0 == unlimited
sv_maxrate 20000
// Minimum updates per second that the server will allow
sv_minupdaterate 66
// Maximum updates per second that the server will allow
sv_maxupdaterate 66
// Download Settings //
// Allow clients to upload customizations files
sv_allowupload 1
// Allow clients to download files
sv_allowdownload 1
// Maximum allowed file size for uploading in MB
net_maxfilesize 15
// Team Balancing //
// Enable team balancing
// Time after the teams become unbalanced to attempt to switch players.
// Time after the teams become unbalanced to print a balance warning
// Teams are unbalanced when one team has this many more players than the other team. (0 disables check)
mp_teams_unbalance_limit 1
// Round and Game Times //
// Enable timers to wait between rounds. WARNING: Setting this to 0 has been known to cause a bug with setup times lasting 5:20 (5 minutes 20 seconds) on some servers!
mp_enableroundwaittime 1
// Time after round win until round restarts
mp_bonusroundtime 8
// If non-zero, the current round will restart in the specified number of seconds
mp_restartround 0
// Enable sudden death
mp_stalemate_enable 1
// Timelimit (in seconds) of the stalemate round.
mp_stalemate_timelimit 300
// Game time per map in minutes
mp_timelimit 35
// Client CVars //
// Restricts spectator modes for dead players
mp_forcecamera 0
// Toggles whether the server allows spectator mode or not
mp_allowspectators 1
// Toggles footstep sounds
mp_footsteps 1
// Toggles game cheats
sv_cheats 0
// After this many seconds without a message from a client, the client is dropped
sv_timeout 900
// Maximum time a player is allowed to be idle (in minutes), made this and sv_timeout equal same time?
mp_idlemaxtime 15
// Deals with idle players 1=send to spectator 2=kick
mp_idledealmethod 2
// Time (seconds) between decal sprays
decalfrequency 30
// Communications //
// enable voice communications
sv_voiceenable 1
// Players can hear all other players, no team restrictions 0=off 1=on
sv_alltalk 0
// Amount of time players can chat after the game is over
mp_chattime 10
// Enable party mode
tf_birthday 0


@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,6 +0,0 @@
dependencies:
- name: softplayer-lib-workload
repository: oci://git.badhouseplants.net/softplayer
version: 0.2.1
digest: sha256:a3a4a69717a3549841454a0e27a1a9114ea8a03543caf5c0c9a184d5a98f36b4
generated: "2024-07-15T19:54:46.672967+02:00"


@ -1,23 +0,0 @@
apiVersion: v2
name: vaultwarden
description: Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
type: application
version: 2.1.0
appVersion: 1.31.0
maintainers:
- name: allanger
email: allanger@zohomail.com
url: https://badhouseplants.net
dependencies:
- name: softplayer-lib-workload
version: 0.2.1
repository: oci://registry.badhouseplants.net/softplayer
annotations:
allowed_workload_kinds: "Deployment"
sources:
- https://github.com/dani-garcia/vaultwarden/tree/main
keywords:
- vaultwarden
- bitwarden
- bitwarden_rs
home: https://github.com/dani-garcia/vaultwarden/tree/main


@ -1,6 +0,0 @@
{{ include "lib.workload" . }}
{{ include "lib.service" . }}
{{ include "lib.ingress" . }}
{{ include "lib.config.env" . }}
{{ include "lib.pvc" . }}
{{ include "lib.raw" . }}


@ -1,114 +0,0 @@
---
workload:
kind: Deployment
strategy:
type: RollingUpdate
containers:
vaultwarden:
image:
registry: registry.hub.docker.com
repository: vaultwarden/server
tag:
pullPolicy: Always
ports:
- vaultwarden
mounts:
storage:
data:
path: /app/data/
# logs:
# path: /app/logs
envFrom:
- environment
- secrets
livenessProbe:
exec:
command:
- sh
- /healthcheck.sh
readinessProbe:
exec:
command:
- sh
- /healthcheck.sh
initialDelaySeconds: 10
periodSeconds: 10
ingress:
main:
class: traefik
annotations:
annotation: test
rules:
- hosts: vaultwarden.softplayer.net
http:
paths:
- backend:
service:
name: '{{ include "chart.fullname" $ }}'
port: 8080
tls:
- hosts:
- vaultwarden.softplayer.net
secretName: vaultwarden.softplayer.net
service:
type: ClusterIP
ports:
vaultwarden:
port: 8080
targetPort: 8080
protocol: TCP
storage:
data:
storageClassName: default
size: 1Gi
accessModes:
- ReadWriteOnce
# logs:
# storageClassName: default
# size: 1G
# accessModes:
# - ReadWriteOnce
# -- Please have a look here: https://github.com/dani-garcia/vaultwarden/blob/main/.env.template
env:
environment:
enabled: true
sensitive: false
data:
DOMAIN: vaultwarden.softplayer.net
SMTP_HOST: ~
SMTP_SECURITY: startls
SMTP_PORT: 587
SMTP_AUTH_MECHANISM: Plain
SMTP_FROM: vaultwarden@softplayer.net
SMTP_FROM_NAME: Soft Player
SMTP_DEBUG: false
SMTP_ACCEPT_INVALID_HOSTNAMES: false
SMTP_ACCEPT_INVALID_CERTS: false
SMTP_USERNAME: ~
DATA_FOLDER: /app/data/
ROCKET_PORT: 8080
SHOW_PASSWORD_HINT: true
SIGNUPS_ALLOWED: false
INVITATIONS_ALLOWED: true
SIGNUPS_DOMAINS_WHITELIST: "*"
SIGNUPS_VERIFY: true
WEB_VAULT_ENABLED: true
LOG_FILE: /app/logs
LOG_LEVEL: info
DB_CONNECTION_RETRIES: 10
DATABASE_MAX_CONNS: 10
ORG_GROUPS_ENABLED: true
ORG_EVENTS_ENABLED: true
ORG_CREATION_USERS: ""
secrets:
enabled: true
sensitive: true
data:
ADMIN_TOKEN: "R@ndomToken$tring"
DATABASE_URL: ~
SMTP_PASSWORD: ~


@ -1,11 +0,0 @@
#!/usr/bin/env bash
CHANGED_CHARTS=$(ct list-changed)
CURRENT_DIR=$(pwd)
for CHART in $CHANGED_CHARTS; do
cd "${CHART}"
helm dependency update
ct lint --target-branch main --validate-maintainers=false
cd "${CURRENT_DIR}"
done


@ -1,16 +0,0 @@
#!/usr/bin/env bash
CHANGED_CHARTS=$(ct list-changed)
CURRENT_DIR=$(pwd)
for CHART in $CHANGED_CHARTS; do
cd "${CHART}"
helm dependency update
if [[ "$(helm show chart . | yq '.annotations.skip_tests')" != "true" ]]; then
ct install --target-branch main
ct install --target-branch main --upgrade
else
echo "skipping chart because of the skip_test annotation"
fi
cd "${CURRENT_DIR}"
done